Policy Manager [on linux] 13.11 --> 14.20 => all [linux] nodes lost their Internet connection
yesterday I upgraded the Policy Manager to 14.20 from 13.11. After it ALL computers in the Domain tree lost their Internet connection.
I noticed in the Advanced view under F-Secure / F-Secure Linux Security (11.x hosts only) 11.10 / Settings / Firewall neither Rules nor Services are NOT inherited from neither parent nor the Root. So my own added Services and Rules disappeared from all Linux node.
Moreover I tried to turn off the Firewall (Settings / Firewall / Firewall enabled = No) to get back the Internet connection on all nodes but it didn't help.
Firewall (iptables rules) still working and blocks almost everything. I have to run this command in "screen" to keep our servers working:
while true ; do sleep 2s ; iptables -I INPUT -j ACCEPT ; iptables -I OUTPUT -j ACCEPT ; done
Moreover I can't click on the F-Secure Linux Security (11.x hosts only) 11.10 / Settings / Firewall / Rules. Actually I can click on but PM doesn't show anything!
I just can see an empty area.
I had to upgrade the database after I installed 14.20 (dpkg -i fspms_14.20.88937_amd64.deb). Due to this upgrading I'm not sure...is there any chance to switch back to 13.11 (fspms_13.11.84108_amd64.deb) ?
Please try F-Secure Policy Manager Console 14.20 Hotfix 1, available at https://www.f-secure.com/en/business/downloads/policy-manager-for-linux download page.
Policy Manager setup creates DB backup on upgrade. If you wish to revert PM version to the previous one, you can use backup for that.
Yesterday evening I tried to downgrade back to 13.11 and I could restore the DB from the backup.
It worked well
Sorry, I didn't notice the hotfix section when I downloaded the 14.20 installer last week. Thank you for bringing this to my attention. Let me try this tonight. Lots of people use one of the servers what was affected and I don't want to disturn them during work hours.
I upgrade the Policy Manager again to 14.20 from 13.11 but this time I applied the Hostfix on both side (PM Server and Console) and now the problem didn't come up.
It seems I just would have had to notice and download the Hotfix when I downloaded the deb packages but unfortunately this text is inconspicuous besides the lots of big blue buttons, what keep the attention away from Hotfix section.
Sorry for the "false" alarm.
Thank you for the update! Glad that your problem is resolved!